
Snapchat has decided to ask users to stop using unauthorized apps, after the compromise of an app that offered to save snaps led to questions about the security of the photo and video messaging application itself.

“We’ve enjoyed some of the ways that developers have tried to make Snapchat better,” the company said in a blog post. “Unfortunately, some developers build services that trick Snapchatters and compromise their accounts.”

Last month, Snapsaved.com, the developer of an application that let users save snaps sent on Snapchat, said it had been hacked, after reports that images were leaked. “SnapChat has not been hacked, and these images do not originate from their database,” it said in a Facebook post. The breach affected 500MB of images, and no personal information, according to Snapsaved.

Snapchat used the incident to warn about third-party applications and the threats they can pose to the Snapchat community. Referring to a cottage industry of developers who had accessed the private Snapchat API (application programming interface) to build applications, Snapchat pointed out that these applications often ask for Snapchat login credentials and use them to send or receive snaps and access account information.

“When you give your login credentials to a third-party application, you’re allowing a developer, and possibly a criminal, to access your account information and send information on your behalf,” Snapchat said in October. The company said it had prohibited access to its private API and would take some time before reviewing that decision “to get it right.” Until then, any application “that isn’t ours but claims to offer Snapchat services violates our Terms of Use and can’t be trusted,” it said.

Several methods exist by which a recipient can use tools outside of the application to save both photo and video messages, and so access and view them indefinitely, the FTC said in its complaint. Recipients can, for example, log into the Snapchat application using a third-party app that uses the Snapchat API, and download and save snaps and videos, because the timer and delete functionality only works when it is activated within Snapchat, it said.

Snapchat has revised its privacy policy and other public statements to emphasize that while it deletes all viewed snaps from its servers, recipients can still save them.